PGP/GPG Cheat Sheet

**NOTE** (for those who are confused by GPG vs PGP)

GPG (GNU Privacy Guard, GnuPG) is a free software alternative to the PGP suite of cryptographic software. GPG is a part of the Free Software Foundation’s GNU software project, and has received major funding from the German government. It is released under the terms of version 3 of the GNU General Public License.

PGP (Pretty Good Privacy) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. It was created by Philip Zimmermann in 1991.

This a personal backup of an original cheat sheet here:

to create a key:
gpg –gen-key
generally you can select the defaults.

to export a public key into file public.key:
gpg –export -a “User Name” > public.key
This will create a file called public.key with the ascii representation of the public key for User Name. This is a variation on:
gpg –export
which by itself is basically going to print out a bunch of crap to your screen. I recommend against doing this.
gpg –export -a “User Name”
prints out the public key for User Name to the command line, which is only semi-useful

to export a private key:
gpg –export-secret-key -a “User Name” > private.key
This will create a file called private.key with the ascii representation of the private key for User Name.
It’s pretty much like exporting a public key, but you have to override some default protections. There’s a note (*) at the bottom explaining why you may want to do this.

to import a public key:
gpg –import public.key
This adds the public key in the file “public.key” to your public key ring.

to import a private key:
gpg –allow-secret-key-import –import private.key
This adds the private key in the file “private.key” to your private key ring. There’s a note (*) at the bottom explaining why you may want to do this.

to delete a public key (from your public key ring):
gpg –delete-key “User Name”
This removes the public key from your public key ring.
NOTE! If there is a private key on your private key ring associated with this public key, you will get an error! You must delete your private key for this key pair from your private key ring first.

to delete an private key (a key on your private key ring):
gpg –delete-secret-key “User Name”
This deletes the secret key from your secret key ring.

To list the keys in your public key ring:
gpg –list-keys

To list the keys in your secret key ring:
gpg –list-secret-keys

To generate a short list of numbers that you can use via an alternative method to verify a public key, use:
gpg –fingerprint > fingerprint
This creates the file fingerprint with your fingerprint info.

To encrypt data, use:
gpg -e -u “Sender User Name” -r “Receiver User Name” somefile
There are some useful options here, such as -u to specify the secret key to be used, and -r to specify the public key of the recipient.
As an example: gpg -e -u “Charles Lockhart” -r “A Friend” mydata.tar
This should create a file called “mydata.tar.gpg” that contains the encrypted data. I think you specify the senders username so that the recipient can verify that the contents are from that person (using the fingerprint?).
NOTE!: mydata.tar is not removed, you end up with two files, so if you want to have only the encrypted file in existance, you probably have to delete mydata.tar yourself.
An interesting side note, I encrypted the preemptive kernel patch, a file of 55,247 bytes, and ended up with an encrypted file of 15,276 bytes.

To decrypt data, use:
gpg -d mydata.tar.gpg
If you have multiple secret keys, it’ll choose the correct one, or output an error if the correct one doesn’t exist. You’ll be prompted to enter your passphrase. Afterwards there will exist the file “mydata.tar”, and the encrypted “original,” mydata.tar.gpg.

Ok, so what if you’re a paranoid bastard and want to encrypt some of your own files, so nobody can break into your computer and get them? Simply encrypt them using yourself as the recipient.

I haven’t used the commands:
gpg –edit-key
gpg –gen-revoke

* –gen-revoke creates a revocation certificate, which when distributed to people and keyservers tells them that your key is no longer valid, see
* –edit-key allows you do do an assortment of key tasks, see


4 thoughts on “PGP/GPG Cheat Sheet

  1. No, FSM is right. I came here via google looking for command line options for PGP, not GPG. The fact that it understands PGP keys isn't particularly relevant.

  2. And you got commandline options for PGP. So use Google again and find another Gpg/Pgp site. If you find using Gnupg and Google difficult, may I suggest you just leave the whole encryption thing and Google something easier.

    By the way, this line was a classic:

    “”The fact that it (GnuPG) understands PGP keys isn’t particularly relevant.””

    GnuPG for GPG not relevant lol! Go tell that to the Gnu, GnuPG, PGP devs 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s